[Forgot Password]
Login  Register Subscribe

24128

 
 

131615

 
 

111604

 
 

909

 
 

87185

 
 

136

Paid content will be excluded from the download.


Download | Alert*
OVAL

Arbitrary code execution vulnerability in Apple Mac OS X - APPLE-SA-2014-09-29-1

ID: oval:org.secpod.oval:def:21353Date: (C)2014-10-13   (M)2018-08-09
Class: PATCHFamily: macos




The host is missing a security update according to Apple advisory, APPLE-SA-2014-09-29-1. The update is required to fix arbitrary code execution vulnerability. The flaw is present in the Bash's parsing of environment variables, which fails to handle certain vectors related to memory and crafted data. Successful exploitation allows attackers to execute remote code and have other impact.

Platform:
Apple Mac OS X 10.8
Apple Mac OS X 10.9
Apple Mac OS X 10.10
Apple Mac OS X Server 10.8
Apple Mac OS X Server 10.9
Apple Mac OS X Server 10.10
Reference:
APPLE-SA-2014-09-29-1
CVE-2014-6271
CVE-2014-7169
CVE    2
CVE-2014-6271
CVE-2014-7169
CPE    2
cpe:/o:apple:mac_os_x
cpe:/o:apple:mac_os_x_server

© SecPod Technologies